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1 DETAILED ACTION 

2 

3 This action is in response to the communication filed on 1/8/07. 

4 All objections and rejections not set forth below have been withdrawn. 

5 Claims 1 - 20 are pending. 
6 



7 Claim Rejections - 35 USC § 102 

8 

9 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

1 0 form the basis for the rejections under this section made in this Office action: 

11 A person shall be entitled to a patent unless - 

1 2 (b) the invention was patented or described in a printed publication in this or a foreign country or in public 
1 3 use or on sale in this country, more than one year prior to the date of application for patent in the United 
14 States. 

15 

16 Claims 1 - 20 are rejected under 35 U.S.C. 102(b) as being anticipated by 

17 Boden et al. (Boden), "System and Method for Managing Security Objects", U.S. 

18 Patent 6,330, 562. 

19 

20 Regarding claim 1, Boden discloses: 

21 providing a plurality of security policies (7:51-58), wherein each security policy 

22 includes an application instance identifier associated with a security service (1 5:37-38; 

23 4: 1 7-22; fig. 3b:36; fig. 3d:58), at least two application instance identifiers being 

24 associated with different security services that operate according to different protocols 

25 at different layers of a multi-layered protocol stack (8:29-38; 54-67 - Boden discloses a 
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1 plurality of security services associated with key management and data management, 

2 The security services operating according to different protocols at different layers [ex. 

3 IKE vs. ESP, AH). 

4 and creating at least one security association, wherein the at least one security 

5 association is created based upon the at least one security service (2:3-8) associated 

6 with at least one application instance identifier to thereby create a centralized key store 

7 including the plurality of security policies and the at least one security association (figs. 

8 3-3d; 3:23-36). 
9 

1 0 Regarding claims 6 and 1 1 they are rejected, at least, for the same reasons as 

1 1 claim 1 , and because Boden further discloses: 

1 2 a first security gateway configured for providing a plurality of security policies (fig. 

13 1:18,19)... wherein the first security gateway is configured for applying a security 

1 4 service associated with an identified application instance identifier (4: 1 7-22) to at least 

1 5 one packet of data to thereby transform the at least one packet of data (fig. 3: 80), 

1 6 wherein the first security gateway is configured for applying the security service to the at 

1 7 least one packet based upon at least one security policy and at least one security 

1 8 association (fig. 1 ; 3:60-4:4; 6:13-31 ); and a second security gateway configured for 

1 9 applying the security service associated with the identified application instance identifier 

20 to the at least one transformed packet of data to thereby generate a representation of 

21 the at least one packet of data (fig. 1 ; 3:60-4:4; 6: 1 3-31 ); 
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1 wherein the processor is configured to relay the at least one transformed packet 

2 (fig. 1:213; 3:60-4:4). 
3 

4 Regarding claims 2, 3, 9, 12, and 14, Boden further discloses a system 



5 comprising sending and receiving gateways. Each gateway further comprises a key 

6 management policy and a data management policy. Each of the specified policies 

7 provides for associated security services. (3:60-4:22). Both the sending and receiving 

8 gateways receive and transmit packets of which are transformed upon transmission or 

9 reception according to the identified application of security services between nodes 
10 (3:1-20; 3:60-4:16; fig. 1). 

11 

12 Regarding claims 4, 8, and 13, Boden further discloses: 

1 3 at least one security policy further including at least one selector field having at 

1 4 least one selector value in a format common to a plurality of security service protocols, 

1 5 and wherein applying the security service comprises applying the security service 

1 6 further based upon the at least one security policy including the at least one selector 

17 value (11:table 1; figs. 3-3d; 13:1-50; 13:62-14:25). Boden discloses a security policy 

1 8 having common selector fields utilized to provide security services in accordance with 

1 9 the protocols defined by the policy. 
20 

21 Regarding claims 7, it is rejected, at least, for the same reasons as claims 1 and 

22 6. 
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1 

2 Regarding claims 5, 1 0, and 1 5, Boden further discloses creating at least one 

3 security association according to an Internet Key Exchange (IKE) technique (3:60-4: 16). 
4 

5 Regarding claims 16-20, they are the features and limitations of the above 



6 rejected claims embodies as computer instructions upon a medium. Thus, they are 

7 rejected, at least, for the same reasons as the above rejected claims, and further 

8 because Bbden discloses a computer program product for creating and maintaining a 

9 centralized key store (15:62-16:6). 
10 

1 1 Response to Arguments 

12 

1 3 Applicant's arguments filed 1/8/07 have been fully considered but they are not 

14 persuasive. 
15 

1 6 Applicant argues primarily that: 

17 

1 8 (i) In no event, however, does Boden disclose applying a security service other than 

1 9 IPSec such that the security policies include application instance identifiers associated 

20 with security services. (Remarks, pg. 9) 
21 
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1 In response to applicant's argument that the references fail to show certain 

2 features of applicant's invention, it is respectfully noted that the features upon which 

3 applicant relies (i.e., applying a security service other than IPSec such that the security 

4 policies include application instance identifiers associated with security services) are not 

5 recited in the rejected claim(s). Although the claims are interpreted in light of the 

6 specification, limitations from the specification are not read into the claims. See In re 

7 Van Geuns, 988 F.2d 1 1 81 , 26 USPQ2d 1 057 (Fed. Cir. 1 993). 
8 

9 (ii) The.claimed invention, on the other hand, recites a centralized key store 

1 0 including a plurality of security policies each of which includes an application instance 

1 1 identifier associated with a respective security service, at least two of the application 

12 instance identifiers being associated with different security services. (Remarks, pg. 9) 
13 

14 In response, the examiner kindly notes that prior art discloses security policies 

1 5 comprising application identifiers "Key Management" [associated with the management 

16 of key generation security services such as IKE] and "Security" [associated with the 

1 7 management of data authentication and encryption security services]. The security 

1 8 services provided by these named policies are different. 
19 

20 (iii) In accordance with the present invention, on the other hand, IPSec is but one of 

21 a number of different security services that may be implemented using the claimed 

22 centralized key store. Thus, and in further contrast to amended independent Claim 1, 
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1 under no reasonable interpretation does Boden teach or suggest application instance 

2 identifiers associated with different security services that operate according to different 

3 protocols . Instead, Boden discloses different policies that all operate according to the 

4 same protocol, i.e., IPSec. (Remarks, pg. 9). 
5 

6 In response, the examiner respectfully notes that the applicant's arguments 

7 appear to be base upon a misinterpretation of IPSEC. Applicant is respectfully invited 

8 to review evidentiary teachings concerning IPSEC (Kent et al., RFC 2401, "Security 

9 Architecture for the Internet Protocol", 1 998, pgs. 1 -66). Boden teaches inter alia the 

10 use of IPSEC. As is known to those of ordinary skill in the art, IPSEC is a security 

1 1 architecture. This framework enables to provision of a plurality of security services that 

1 2 operate according to a plurality of protocols. 
13 

14 (iv) Even if one could argue that the IPSec protocol supports different security 

1 5 services according to different protocols, however, Applicant notes that all of those 

1 6 services and protocols operate at the network (IP) layer of the TCP/IP protocol stack. As 

1 7 now recited by amended independent Claim 1, however, the claimed invention permits 

1 8 different services and protocols at different layers of a multilayer protocol stack. 

19 (Remarks, pg. 9) 
20 

21 In response, the examiner respectfully notes that IKE does not operate at the 

22 network layer along with IPSec protocols. 
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1 

2 (v) As explained in the specification, these services may include at least IPsec 

3 service at the network layer of the TCP/IP protocol stack, and Secure Sockets 

A Layer/T ransport Layer Security (SSL/TLS) at the application layer of the TCP/IP 

5 protocol stack. See, e.g., Pat. Appi, page 8, lines 8-12. (Remarks, pg. 9, 10) 
6 

7 In response to applicant's argument that the references fail to show certain 

8 features of applicant's invention, it is noted that the features upon which applicant relies 

9 (i.e., services may include at least . . . Secure Sockets Layer/T ransport Layer Security 

1 0 (SSL/TLS) at the application layer of the TCP/IP protocol stack) are not recited in the 

1 1 rejected claim(s). Although the claims are interpreted in light of the specification, 

12 limitations from the specification are not read into the claims. See In re Van Geuns, 988 

13 F.2d 1181, 26USPQ2d 1057 (Fed. Cir. 1993). 
14 

1 5 Conclusion 



16 



17 



The prior art made of record and not relied upon is considered pertinent to 



18 



applicant's disclosure: 



19 



20 



See Notice of References Cited 



21 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 



2 



policy as set forth in 37 CFR 1 . 1 36(a). 



3 



A shortened statutory period for reply to this final action is set to expire THREE 



4 MONTHS from the mailing date of this action. In the event a first reply is filed within 

5 TWO MONTHS of the mailing date of this final action and the advisory action is not 

6 mailed until after the end of the THREE-MONTH shortened statutory period, then the 

7 shortened statutory period will expire on the date the advisory action is mailed, and any 

8 extension fee pursuant to 37 CFR 1 . 1 36(a) will be calculated from the mailing date of 

9 the advisory action. In no event, however, will the statutory period for reply expire later 

1 0 than SIX MONTHS from the mailing date of this final action. 

1 1 Any inquiry concerning this communication or earlier communications from the 

1 2 examiner should be directed to Jeffery Williams whose telephone number is (571 ) 272- 

1 3 7965. The examiner can normally be reached on 8:30-5:00. 

14 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

15 supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 

16 number for the organization where this application or proceeding is assigned is (703) 

17 872-9306. 
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Information regarding the status of an application may be obtained from the 



2 Patent Application Information Retrieval (PAIR) system. Status information for 

3 published applications may be obtained from either Private PAIR or Public PAIR. 

4 Status information for unpublished applications is available through Private PAIR only. 

5 For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

6 you have questions on access to the Private PAIR system, contact the Electronic 

7 Business Center (EBC) at 866-21 7-91 97 (toll-free). 



8 



9 

10 
11 
12 
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